package com.wzy.shirostudy.controller;


import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.wzy.shirostudy.domain.SysUser;
import com.wzy.shirostudy.service.SysUserService;
import com.wzy.shirostudy.utils.JWTUtil;
import com.wzy.shirostudy.utils.MD5Utils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.UnauthorizedException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.subject.Subject;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RestController;

import javax.annotation.Resource;

/**
 * <p>
 * 前端控制器
 * </p>
 *
 * @author wzy
 * @since 2020-04-16
 */
@Slf4j
@RestController
@RequestMapping("/user")
public class SysUserController {

    @Resource
    private SysUserService sysUserServiceImpl;

    @PostMapping("/old/login")
    public String userOldLogin(String username, String password) {
        // 从SecurityUtils里边创建一个 subject
        Subject subject = SecurityUtils.getSubject();
        // 在认证提交前准备 token（令牌）
        UsernamePasswordToken token = new UsernamePasswordToken(username, password);
        try {
            subject.login(token);
        } catch (UnknownAccountException unknownAccountException) {
            return "未知账户";
        } catch (IncorrectCredentialsException incorrectCredentialsException) {
            return "密码不正确";
        } catch (LockedAccountException lockedAccountException) {
            return "用户已锁定";
        } catch (ExcessiveAttemptsException excessiveAttemptsException) {
            return "用户名或密码错误次数过多";
        } catch (AuthenticationException authenticationException) {
            return "用户名或密码不正确";
        }

        if (subject.isAuthenticated()) {
            return "登录成功";
        } else {
            token.clear();
            return "登录失败";
        }
    }


    @PostMapping("/login")
    public String userLogin(String username, String password) {
        log.info("用户登录");

        if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
            throw new RuntimeException("用户名和密码不可以为空！");
        }

        // 从数据库中根据用户名查找该用户信息
        QueryWrapper queryWrapper = new QueryWrapper();
        queryWrapper.eq("username", username);
        SysUser sysUser = sysUserServiceImpl.getOne(queryWrapper);

        // 登录密码加密
        password = MD5Utils.md5(password);
        if (null != sysUser && sysUser.getPassword().equals(password)) {
            return JWTUtil.sign(sysUser.getId(),username, password);
        } else {
            throw new UnauthorizedException("用户名或者密码错误！");
        }
    }

    @GetMapping("/info")
    @RequiresPermissions("sys:user:query")
    public String testUserInfo() {
        return "恭喜获取到用户信息";
    }


    @GetMapping("/add")
    @RequiresPermissions("sys:user:add")
    public String testUserAdd() {
        return "恭喜能添加用户";
    }


    @GetMapping("/del")
    @RequiresPermissions("sys:test:del")
    public String testUserDel() {
        return "这是个没有权限的接口";
    }



    @GetMapping("/no/login")
    public String testNoLogin() {
        return "你没有登录";
    }
}

